
A Study of Data Store-based Home Automation [article]

Kaushal Kafle, Kevin Moran, Sunil Manandhar, Adwait Nadkarni, Denys Poshyvanyk
2018 arXiv   pre-print
Home automation platforms provide a new level of convenience by enabling consumers to automate various aspects of physical objects in their homes. While the convenience is beneficial, security flaws in the platforms or integrated third-party products can have serious consequences for the integrity of a user's physical environment. In this paper we perform a systematic security evaluation of two popular smart home platforms, Google's Nest platform and Philips Hue, that implement home automation
... routines" (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines. This analysis results in ten key findings with serious security implications. For instance, we demonstrate the potential for the misuse of smart home routines in the Nest platform to perform a lateral privilege escalation, illustrate how Nest's product review system is ineffective at preventing multiple stages of this attack that it examines, and demonstrate how emerging platforms may fail to provide even bare-minimum security by allowing apps to arbitrarily add/remove other apps from the user's smart home. Our findings draw attention to the unique security challenges of platforms that execute routines via centralized data stores and highlight the importance of enforcing security by design in emerging home automation platforms.
arXiv:1812.01597v1 fatcat:6hufgx3bijftbdda5e5ocnlxva

Practical DIFC Enforcement on Android

Adwait Nadkarni, Benjamin Andow, William Enck, Somesh Jha
2016 USENIX Security Symposium  
Smartphone users often use private and enterprise data with untrusted third party applications. The fundamental lack of secrecy guarantees in smartphone OSes, such as Android, exposes this data to the risk of unauthorized exfiltration. A natural solution is the integration of secrecy guarantees into the OS. In this paper, we describe the challenges for decentralized information flow control (DIFC) enforcement on Android. We propose context-sensitive DIFC enforcement via lazy polyinstantiation
... practical and secure network export through domain declassification. Our DIFC system, Weir, is backwards compatible by design, and incurs less than 4 ms overhead for component startup. With Weir, we demonstrate practical and secure DIFC enforcement on Android.
dblp:conf/uss/NadkarniAEJ16 fatcat:duua7m72jrf2xdadafh4gefpna

Policy by Example: An Approach for Security Policy Specification [article]

Adwait Nadkarni and William Enck and Somesh Jha and Jessica Staddon
2017 arXiv   pre-print
Policy specification for personal user data is a hard problem, as it depends on many factors that cannot be predetermined by system developers. Simultaneously, systems are increasingly relying on users to make security decisions. In this paper, we propose the approach of Policy by Example (PyBE) for specifying user-specific security policies. PyBE brings the benefits of the successful approach of programming by example (PBE) for program synthesis to the policy specification domain. In PyBE,
... s provide policy examples that specify if actions should be allowed or denied in certain scenarios. PyBE then predicts policy decisions for new scenarios. A key aspect of PyBE is its use of active learning to enable users to correct potential errors in their policy specification. To evaluate PyBE's effectiveness, we perform a feasibility study with expert users. Our study demonstrates that PyBE correctly predicts policies with 76% accuracy across all users, a significant improvement over naive approaches. Finally, we investigate the causes of inaccurate predictions to motivate directions for future research in this promising new domain.
arXiv:1707.03967v1 fatcat:n3s5pnigmvgy7iilah6zgjs4ki

ASM: A Programmable Interface for Extending Android Security

Stephan Heuser, Adwait Nadkarni, William Enck, Ahmad-Reza Sadeghi
2014 USENIX Security Symposium  
Adwait Nadkarni and William Enck were partially supported by NSF grants CNS-1253346 and CNS-1222680.  ... 
dblp:conf/uss/HeuserNES14 fatcat:phxuzcdtandu3j64wpg5hondv4

ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware [article]

Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, Alexandre Bartel
2019 arXiv   pre-print
Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the
... tness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.
arXiv:1901.03603v1 fatcat:fhbi7zjoqfb4tihk4ichlb23u4

A Study of Grayware on Google Play

Benjamin Andow, Adwait Nadkarni, Blake Bassett, William Enck, Tao Xie
2016 2016 IEEE Security and Privacy Workshops (SPW)  
While there have been various studies identifying and classifying Android malware, there is limited discussion of the broader class of apps that fall in a gray area. Mobile grayware is distinct from PC grayware due to differences in operating system properties. Due to mobile grayware's subjective nature, it is difficult to identify mobile grayware via program analysis alone. Instead, we hypothesize enhancing analysis with text analytics can effectively reduce human effort when triaging
... In this paper, we design and implement heuristics for seven main categories of grayware. We then use these heuristics to simulate grayware triage on a large set of apps from Google Play. We then present the results of our empirical study, demonstrating a clear problem of grayware. In doing so, we show how even relatively simple heuristics can quickly triage apps that take advantage of users in an undesirable way.
doi:10.1109/spw.2016.40 dblp:conf/sp/AndowNBEX16 fatcat:xrzic4n4mfgvlgj3jeyn3cecpq

Preventing accidental data disclosure in modern operating systems

Adwait Nadkarni, William Enck
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Modern OSes such as Android, iOS, and Windows 8 have changed the way consumers interact with computing devices. Tasks are often completed by stringing together a collection of purpose-specific user applications (e.g., a barcode reader, a social networking app, a document viewer). As users direct this workflow between applications, it is difficult to predict the consequence of each step. Poor selection may result in accidental information disclosure when the target application unknowingly uses
... services. This paper presents Aquifer as a policy framework and system for preventing accidental information disclosure in modern operating systems. In Aquifer, application developers define secrecy restrictions that protect the entire user interface workflow defining the user task. In doing so, Aquifer provides protection beyond simple permission checks and allows applications to retain control of data even after it is shared.
doi:10.1145/2508859.2516677 dblp:conf/ccs/NadkarniE13 fatcat:pryzgt6nrvbw3bwbahs7a2c6ja

A Study of Security Isolation Techniques

Rui Shu, Peipei Wang, Sigmund A Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, Xiaohui Gu
2016 ACM Computing Surveys  
For instance, information secrecy problems arising due to data sharing between applications on Android [Nadkarni and Enck 2013], and the resultant policies to prevent such problems, can be validated ...
doi:10.1145/2988545 fatcat:5llqb3ghnjgghh2yye4vqslz4y

Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation [article]

Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2018 arXiv   pre-print
Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance, and are hence soundy. Unfortunately, the specific unsound choices or flaws in the design of these tools are often not known or well-documented, leading to a
... placed confidence among researchers, developers, and users. This paper proposes the Mutation-based soundness evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix, flaws, by leveraging the well-founded practice of mutation analysis. We implement μSE as a semi-automated framework, and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps. As the result of an in-depth analysis of one of the major tools, we discover 13 undocumented flaws. More importantly, we discover that all 13 flaws propagate to tools that inherit the flawed tool. We successfully fix one of the flaws in cooperation with the tool developers. Our results motivate the urgent need for systematic discovery and documentation of unsound choices in soundy tools, and demonstrate the opportunities in leveraging mutation testing in achieving this goal.
arXiv:1806.09761v2 fatcat:2qfojo6c7veavmrgwliulbui5i

Security in Centralized Data Store-based Home Automation Platforms

Kaushal Kafle, Kevin Moran, Sunil Manandhar, Adwait Nadkarni, Denys Poshyvanyk
2020 ACM Transactions on Cyber-Physical Systems  
Home automation platforms enable consumers to conveniently automate various physical aspects of their homes. However, the security flaws in the platforms or integrated third-party products can have serious security and safety implications for the user's physical environment. This article describes our systematic security evaluation of two popular smart home platforms, Google's Nest platform and Philips Hue, which implement home automation "routines" (i.e., trigger-action programs involving apps
... and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines, and it leads to 11 key findings with serious security implications. We combine several of the vulnerabilities we find to demonstrate the first end-to-end instance of lateral privilege escalation in the smart home, wherein we remotely disable the Nest Security Camera via a compromised light switch app. Finally, we discuss potential defenses, and the impact of the continuous evolution of smart home platforms on the practicality of security analysis. Our findings draw attention to the unique security challenges of smart home platforms and highlight the importance of enforcing security by design.
doi:10.1145/3418286 fatcat:wngbtqkkizdrffsueqnq4ym36y

Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses

Sunil Manandhar, Kevin Moran, Kaushal Kafle, Ruhao Tang, Denys Poshyvanyk, Adwait Nadkarni
2020 2020 IEEE Symposium on Security and Privacy (SP)  
Designing practical security systems for the smart home is challenging without the knowledge of realistic home usage. This paper describes the design and implementation of Hεlion, a framework that generates natural home automation scenarios by identifying the regularities in user-driven home automation sequences, which are in turn generated from routines created by end-users. Our key hypothesis is that smart home event sequences created by users exhibit inherent semantic patterns, or
... that can be modeled and used to generate valid and useful scenarios. To evaluate our approach, we first empirically demonstrate that this naturalness hypothesis holds, with a corpus of 30,518 home automation events, constructed from 273 routines collected from 40 users. We then demonstrate that the scenarios generated by Hεlion seem valid to end-users, through two studies with 16 external evaluators. We further demonstrate the usefulness of Hεlion's scenarios by addressing the challenge of policy specification, and using Hεlion to generate 17 security/safety policies with minimal effort. We distill 16 key findings from our results that demonstrate the strengths of our approach, surprising aspects of home automation, as well as challenges and opportunities in this rapidly growing domain.
doi:10.1109/sp40000.2020.00062 dblp:conf/sp/ManandharMKTPN20 fatcat:m6fhxaagvfgmrcsfn4wymizaym

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Amit Seal Ami, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2021 ACM Transactions on Privacy and Security  
Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence soundy. Unfortunately, the specific unsound choices or flaws in the design of these tools is often not known or well documented,
... leading to misplaced confidence among researchers, developers, and users. This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded practice of mutation analysis. We implemented μSE and applied it to a set of prominent Android static analysis tools that detect private data leaks in apps. In a study conducted previously, we used μSE to discover 13 previously undocumented flaws in FlowDroid, one of the most prominent data leak detectors for Android apps. Moreover, we discovered that flaws also propagated to other tools that build upon the design or implementation of FlowDroid or its components. This article substantially extends our μSE framework and offers a new in-depth analysis of two more major tools in our 2020 study; we find 12 new, undocumented flaws and demonstrate that all 25 flaws are found in more than one tool, regardless of any inheritance-relation among the tools. Our results motivate the need for systematic discovery and documentation of unsound choices in soundy tools and demonstrate the opportunities in leveraging mutation testing in achieving this goal.
doi:10.1145/3439802 fatcat:jij564rmn5akhdpqdk5pzdempi

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques [article]

Amit Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni
2021 arXiv   pre-print
The correct use of cryptography is central to ensuring data security in modern software systems. Hence, several academic and commercial static analysis tools have been developed for detecting and mitigating crypto-API misuse. While developers are optimistically adopting these crypto-API misuse detectors (or crypto-detectors) in their software development cycles, this momentum must be accompanied by a rigorous understanding of their effectiveness at finding crypto-API misuse in practice. This
... er presents the MASC framework, which enables a systematic and data-driven evaluation of crypto-detectors using mutation testing. We ground MASC in a comprehensive view of the problem space by developing a data-driven taxonomy of existing crypto-API misuse, containing 105 misuse cases organized among nine semantic clusters. We develop 12 generalizable usage-based mutation operators and three mutation scopes that can expressively instantiate thousands of compilable variants of the misuse cases for thoroughly evaluating crypto-detectors. Using MASC, we evaluate nine major crypto-detectors and discover 19 unique, undocumented flaws that severely impact the ability of crypto-detectors to discover misuses in practice. We conclude with a discussion on the diverse perspectives that influence the design of crypto-detectors and future directions towards building security-focused crypto-detectors by design.
arXiv:2107.07065v4 fatcat:dae4vcxftjhftpiafpuur7vr4a

Table of Contents

2021 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)  
Testing 1 1 µSE: Mutation-Based Evaluation of Security-Focused Static Analysis Tools for Android 53 Amit Seal Ami (William & Mary, USA), Kaushal Kafle (William & Mary, USA), Adwait Nadkarni (William &  ... 
doi:10.1109/icse-companion52605.2021.00004 fatcat:7dfrtn6aevbmlf3ikg6gmifcw4

SP 2020 TOC

2020 2020 IEEE Symposium on Security and Privacy (SP)  
Nadkarni (William & Mary, USA) Session #3: Wireless Protocols Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement 500 Patrick Leu (ETH Zurich), Mridula Singh (  ...  viii 482 Sunil Manandhar (William & Mary, USA), Kevin Moran (William & Mary, USA), Kaushal Kafle (William & Mary, USA), Ruhao Tang (William & Mary, USA), Denys Poshyvanyk (William & Mary, USA), and Adwait  ... 
doi:10.1109/sp40000.2020.00102 fatcat:wwgk3dy2kbbctgcqawsudwqq44